Posted to commits@tomee.apache.org by rz...@apache.org on 2023/04/26 18:04:40 UTC
[tomee] 04/06: Patches Tomcat 10.0.27 for CVE-2023-28708 by applying the changeset from https://github.com/apache/tomcat/commit/f509bbf31fc00abe3d9f25ebfabca5e05173da5b
This is an automated email from the ASF dual-hosted git repository.
rzo1 pushed a commit to branch tomee-9.x
in repository https://gitbox.apache.org/repos/asf/tomee.git
commit bb5d3f8a73408a8327246d5ef4ffdab1ca5d5610
Author: Richard Zowalla <ri...@hs-heilbronn.de>
AuthorDate: Tue Apr 18 13:34:29 2023 +0200
Patches Tomcat 10.0.27 for CVE-2023-28708 by applying the changeset from https://github.com/apache/tomcat/commit/f509bbf31fc00abe3d9f25ebfabca5e05173da5b
---
.../src/patch/java/org/apache/catalina/Globals.java | 7 +++++++
.../patch/java/org/apache/catalina/connector/Request.java | 14 ++++++++++++++
.../java/org/apache/catalina/filters/RemoteIpFilter.java | 7 +------
3 files changed, 22 insertions(+), 6 deletions(-)
diff --git a/tomee/apache-tomee/src/patch/java/org/apache/catalina/Globals.java b/tomee/apache-tomee/src/patch/java/org/apache/catalina/Globals.java
index 916dd38e1c..c56a177d38 100644
--- a/tomee/apache-tomee/src/patch/java/org/apache/catalina/Globals.java
+++ b/tomee/apache-tomee/src/patch/java/org/apache/catalina/Globals.java
@@ -111,6 +111,13 @@ public final class Globals {
public static final String SENDFILE_SUPPORTED_ATTR = org.apache.coyote.Constants.SENDFILE_SUPPORTED_ATTR;
+ /**
+ * The request attribute that is set to the value of {@code Boolean.TRUE}
+ * if {@link org.apache.catalina.filters.RemoteIpFilter} determines
+ * that this request was submitted via a secure channel.
+ */
+ public static final String REMOTE_IP_FILTER_SECURE = "org.apache.catalina.filters.RemoteIpFilter.secure";
+
/**
* The request attribute that can be used by a servlet to pass
* to the connector the name of the file that is to be served
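Review bot: The Javadoc on `REMOTE_IP_FILTER_SECURE` says the attribute is set to `Boolean.TRUE`, but the adapter registered in Request.java in this same commit returns `Boolean.valueOf(request.isSecure())` on read and calls `request.setSecure(...)` on write. I would document both directions, for example `Reading this attribute returns the request's current secure flag; setting it to a Boolean updates that flag.` It is also worth stating that the attribute is meant for container-internal use, since any component that sets it changes what `isSecure()` reports for the request.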
diff --git a/tomee/apache-tomee/src/patch/java/org/apache/catalina/connector/Request.java b/tomee/apache-tomee/src/patch/java/org/apache/catalina/connector/Request.java
index 55e7e677fa..5f0b56e826 100644
--- a/tomee/apache-tomee/src/patch/java/org/apache/catalina/connector/Request.java
+++ b/tomee/apache-tomee/src/patch/java/org/apache/catalina/connector/Request.java
@@ -3585,5 +3585,19 @@ public class Request implements HttpServletRequest {
// NO-OP
}
});
+ specialAttributes.put(Globals.REMOTE_IP_FILTER_SECURE,
+ new SpecialAttributeAdapter() {
+ @Override
+ public Object get(Request request, String name) {
+ return Boolean.valueOf(request.isSecure());
+ }
+
+ @Override
+ public void set(Request request, String name, Object value) {
+ if (value instanceof Boolean) {
+ request.setSecure(((Boolean) value).booleanValue());
+ }
+ }
+ });
}
}
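Review bot: The new `set` method silently drops any value that is not a `Boolean`, so a caller passing, say, the string "true" leaves the secure flag unchanged with no indication. The only caller visible in this commit passes `Boolean.valueOf(secure)`, so this is a documentation point rather than a defect; a comment inside the method would do, e.g. `// Non-Boolean values are ignored; the request's secure flag is left unchanged.` Because the adapter is reached through the ordinary `setAttribute` path, it would also help to note here that the flag can be changed by any code holding the request, not only by RemoteIpFilter. The static initialiser that this block extends begins outside the hunk.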
diff --git a/tomee/apache-tomee/src/patch/java/org/apache/catalina/filters/RemoteIpFilter.java b/tomee/apache-tomee/src/patch/java/org/apache/catalina/filters/RemoteIpFilter.java
index 75b5404dc9..732300a359 100644
--- a/tomee/apache-tomee/src/patch/java/org/apache/catalina/filters/RemoteIpFilter.java
+++ b/tomee/apache-tomee/src/patch/java/org/apache/catalina/filters/RemoteIpFilter.java
@@ -584,11 +584,6 @@ public class RemoteIpFilter extends GenericFilter {
return serverPort;
}
- @Override
- public boolean isSecure() {
- return secure;
- }
-
public void removeHeader(String name) {
Map.Entry<String, List<String>> header = getHeaderEntry(name);
if (header != null) {
@@ -628,7 +623,7 @@ public class RemoteIpFilter extends GenericFilter {
}
public void setSecure(boolean secure) {
- this.secure = secure;
+ super.getRequest().setAttribute(Globals.REMOTE_IP_FILTER_SECURE, Boolean.valueOf(secure));
}
public void setServerName(String serverName) {
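Review bot: `setSecure` now takes effect only if the wrapped request treats `Globals.REMOTE_IP_FILTER_SECURE` as a special attribute, which in this commit is the Catalina connector `Request`. With any other wrapped request, or a wrapper that intercepts `setAttribute`, the value would presumably be stored as ordinary data and the inherited `isSecure()` would not change. A comment on the new line would make that dependency explicit, e.g. `// Special attribute: org.apache.catalina.connector.Request maps this to setSecure().` The removed lines read and wrote a `secure` field whose declaration is not touched by this diff, so that field is probably now unused and could be removed. The enclosing class continues outside the hunk.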